Network Working Group                                       Hal Woodward
Internet Draft                                         Safe-Tech Systems
                                                           December 1995


                   PEM Compression Encryption Module

Status of this Memo

   This document is a submission to the Privacy-Enhanced Electronic Mail
   Working Group of the Internet Engineering Task Force (IETF). Comments
   can be sent to the author at Safetech@access.digex.net or in writing
   at his address on the last page. Distribution of this memo is
   unlimited.

   This document is an Internet Draft. Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups. Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months, and may be updated, replaced, or obsoleted by other documents
   at any time. It is not appropriate to use Internet Drafts as
   reference material, or to cite them other than as a "working draft"
   or "work in progress."

   To learn the current status of any Internet Draft, please check the
   "1id-abstracts.txt" listing contained in the Internet-Drafts Shadow
   Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
   munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), or
   ftp.isi.edu (US West Coast).

Woodward                 Expires in Six Months                  [Page i]

Internet Draft       Compression Encryption Module         December 1995

Abstract

   The Privacy-Enhanced Electronic Mail system (PEM) [1] provides an
   inclusive standard as adopted by the Internet Architecture Board
   (IAB) to provide secure electronic mail over the Internet. The PEM
   protocols [2] provide for encryption, authentication, message
   integrity, and key management.
   PEM's encryption [3] accomplishes privacy of messages using DES in
   CBC mode; integrity [4] via a cryptographic hash algorithm called a
   Message Integrity Check (MIC), using either MD2 or MD5; symmetric key
   management [5] using DES in ECB mode or triple-DES using two keys
   (EDE mode); and it supports [6] public-key certificates for key
   management, using the RSA algorithm and the X.509 standard for
   certificate structure.

   This document describes the use of a Spiral Network Algorithm
   Compression routine integrated into the message-text encryption
   routines to provide enhanced confidentiality and smaller message size
   without impacting the throughput of the PEM system.

   It is the intention of the author to seek guidance from the readers
   on methods of testing and certification other than those listed
   herein.

   In June of 1995, while preparing for the November Radiological
   Conference in Chicago and working within the area of x-ray film
   digitization and enhancement, the author developed a new form of
   compression based upon spiral geometry. The compression achieved
   compares very favorably with that achieved by commercial compression
   packages, with the exception that it is as fast in software as CODAC
   boards in performing compression and decompression and is lossless in
   nature.

   Having just attended the annual security conference in Washington DC,
   where we shared a booth with the TigerSafe folks, our thoughts turned
   to a number of problems we discussed with IS and security people from
   all over the world. The use by major corporations of LANs, WANs, and
   Internet access providing two-way communications has given rise to
   many security problems from Internet hackers.
   Being a regular reader of the computer underground articles posted
   for hackers, I was already aware of many of the success stories from
   computer freaks concerning breaking into Internet sites and stealing
   the "secured" messages stored there. As the Internet handles more
   financial transactions, the problems have continued to increase.

   While considering the problems, the author began a series of tests
   and embedded his compression algorithm in-line within a software
   package he has been developing called PEM+, taking the message text
   and compressing the memory buffer before encrypting it. The result
   was a message block which successfully withstood some of the best
   hacking and encodement breaking tools existing.

   Following that test we experimented with triple CBC encryption,
   following compression, of the message block and believe that we may
   very well have a combination that will withstand NSA and an N1
   computer for a hundred years.

   The author plans to test the compression algorithm using the Central
   Imaging Office (CIO-Pentagon) test suite and the ARPA Internet
   images. It is the author's intention to incorporate the results into
   his PEM+ development. Any suggestions for further testing would be
   gratefully accepted by the author.

   Finally, for the developers out there, would there be any interest in
   a Data Link Library (DLL) which could be integrated into Visual
   Basic, Visual C, C++, or Delphi for compression and encryption?

Chair's Address

   The working group can be contacted via the current chair:

      Stephen Kent
      Email: kent@bbn.com

Author's Address

   Questions and responses about this memo can be directed to:

      Hal Woodward
      Safe-Tech Systems, Inc.
      45593 Shepard Drive
      Suite 201
      Sterling, VA 20164

      Email: Safetech@access.digex.net
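
The compress-before-encrypt ordering described in the body of this memo, shown as an added example that is not part of the draft or of PEM+. Assumptions: zlib stands in for the Spiral Network Algorithm, a SHA-256 keystream XOR padded to 8-byte blocks stands in for DES-CBC, and every name and sample message is constructed for illustration.

```python
import hashlib
import os
import zlib

BLOCK = 8  # DES block size in bytes (PEM encrypts message text with DES-CBC)

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def standin_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for DES-CBC (assumption, not a real cipher): pad to 8-byte blocks, XOR."""
    pad = BLOCK - len(data) % BLOCK
    padded = data + bytes([pad]) * pad
    iv = os.urandom(BLOCK)
    return iv + bytes(a ^ b for a, b in zip(padded, _keystream(key, iv, len(padded))))

def standin_decrypt(key: bytes, blob: bytes) -> bytes:
    iv, body = blob[:BLOCK], blob[BLOCK:]
    padded = bytes(a ^ b for a, b in zip(body, _keystream(key, iv, len(body))))
    return padded[:-padded[-1]]  # strip the padding added by standin_encrypt

def compress_then_encrypt(key: bytes, message: bytes) -> bytes:
    # Order described in the draft: compress the buffer, then encrypt it.
    return standin_encrypt(key, zlib.compress(message, 9))

def decrypt_then_decompress(key: bytes, blob: bytes) -> bytes:
    return zlib.decompress(standin_decrypt(key, blob))

def encrypt_then_compress(key: bytes, message: bytes) -> bytes:
    # Reverse order, for comparison: ciphertext has no redundancy left to remove.
    return zlib.compress(standin_encrypt(key, message), 9)

# Constructed sample inputs of equal length: redundant mail text vs. random bytes.
KEY = b"constructed-demo-key"
MAIL = b"Transfer 100.00 USD to account 12345678.\r\n" * 40
NOISE = os.urandom(len(MAIL))

if __name__ == "__main__":
    for name, msg in (("mail", MAIL), ("noise", NOISE)):
        print(name, len(msg), len(standin_encrypt(KEY, msg)),
              len(compress_then_encrypt(KEY, msg)), len(encrypt_then_compress(KEY, msg)))
```

Run stand-alone, it prints the plaintext, encrypt-only, compress-then-encrypt and encrypt-then-compress sizes for each sample. Compressing after encryption saves nothing, and the length of the compressed ciphertext follows the redundancy of the message even though the two plaintexts are the same size.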